Latest thinking

The privacy and electronic communications directive

Published: 14 September 2003

TagsTags:

By: Nick Tatt

What is it?

The new privacy and electronic communications directive concerns the protection of a data subjects right to privacy. It deals with communication over publicly available electronic communication networks and services. It therefore covers e-mail, fax, SMS, MMS, phones and the Internet. It also caters for any future technological advances in electronic communication.
When does it come into effect

All EU countries must incorporate this into national law by 31 October 2003.
Brief summary

The legislation covers many aspects of electronic communication. The main items are:

  1. Security of networks and services. Any network must have a level of security that prevents others from gaining your personal information. If this level of security cannot be guaranteed then the risks users are running must be clearly stated in the appropriate place and methods of providing security given.
  2. Confidentiality of communications. The legislation extends protection to electronic communication mediums and guarantees the privacy of all communications.
  3. Spyware and cookies. Cookies are very useful to many users for maintaining their preferred settings and passwords for websites. However, the method used to implant a cookie often means it is invisible to the user therefore is classified as an intrusion. If cookies are used then the user must be given clear information about the purpose and use of such items. The user must be given the right to refuse cookies being planted on their equipment.
  4. Traffic data. Confidentiality also has to extend to information gathered about a persons contact habits, interests, whereabouts and preferences. You can store such data for transmission of a communication providing it is then erased when complete. Data can be retained for billing purposes after this but then it must also be erased when the purposes has been completed. You can use Traffic Data for value added services, but the user/s must be made aware and give their consent beforehand. Traffic data can also be used in criminal investigation according to the law of that country.
  5. Location data. This can be broad based or very specific. It carries the same level of protection as traffic data and mobile users must not be subject to constant surveillance. Subscribers to a location based service should have the option of temporarily blocking the tracing facility. Location data can be of great use for such things as route guidance, property location or the emergency services and the latter can use location data without prior consent.
  6. Public subscriber directories. Every subscriber has the right to refuse their information being made available i.e. ex-directory. They must be given this option and no charge made for the service. Directory publishers are required to provide full information about the purpose and search facilities of any printed or electronic directory in which subscriber details will be included so that every subscriber can make an informed choice.
  7. Unsolicited commercial communication. The sending of these is prohibited unless the prior consent of the recipient has been given. The only exception is where the contact information has been obtained for e-mail or SMS messages (not faxes) in the context of a sale. The organisation using such data can do so for marketing similar products to the original one sold, but the recipient has to be given the right to opt out of the service at any time. Contact data may only be used by the same company for similar products and services and not given to another party for their use. It should also be made clear right from the start that data will be used for direct marketing and the right to object be included with each separate message. Opt in is mandatory for all marketing communications to natural persons but optional for legal persons. Direct marketing messages must not conceal or disguise the identity of the sender and must include a valid address to respond to. Spammers are also included here and if they persistently ignore your request to stop then contact the Information Commissioner (in the UK) or national Data Protection body for assistance. You can also check with your ISP to see if they provide a spam filtering service or can recommend suitable software.
  8. Calling line identification. Usually included in mobile subscriptions and as a value added service in fixed systems. Callers may wish to withhold their information, such as for ex-directory numbers. Recipients should also have the right to refuse calls from unidentified numbers. There is also a service called Connected Line Identification where a call is transferred to another number from the one called. The recipient should have the right to prevent this number being shown i.e. when a called work number is transferred to a home number.
  9. Nuisance calls. These are dealt with as a special case whereby the provider has the right to override any privacy blocks put on by the caller.
  10. Emergency calls. This is also a special case as Emergency Services will need to identify where the caller is and again all privacy is overridden.
  11. Automatic call forwarding. All users should be able to stop the automatic forwarding of communications to their address/s, for instance, if it was originated without their prior knowledge. This should be by a simple request to the service provider.

Have your say

Add your comment to 'The privacy and electronic communications directive'.

Textile is enabled in the comment field and HTML will be stripped out. Your email address is required but don't worry it doesn't get displayed and we won't share it with others.

Textile Help